Scoring an A+ at SSLLabs.com with Citrix NetScaler – Q2 2023 update

In 2016 Ryan Butler created a PowerShell script to update a NetScaler configuration to score an A+ at the SSL Labs SSL test. I updated this script to score an A+ in 2023.

Credits

This blog post would not be possible without the groundwork from Ryan Butler and Carl Stalhood. Ryan created the initial script and Carl provided me with a current SSL cipher list for Q2 2023.

Updates and tests

Last year, I had a few new Citrix NetScaler Gateway VPX setups and needed a fast way to get the SSL settings right. Most of the time I used the script by Ryan, but it had become outdated in the meantime. I grabbed the script and the SSL cipher list provided by Carl and got a working copy that immediately scored an A+ at SSL Labs. Sadly, I did not take the time to create a pull request over at Ryan’s GitHub to give back. Today I took the time to tidy up the code, thanks to the Visual Studio Code PowerShell formatter, and to write up the changelog.

Update Citrix Workspace Environment Management (WEM) to 2106 (2106.1.0.1)

An update guide for Citrix Workspace Environment Management (WEM) to the latest version 2106.

On June 16, 2021 Citrix released version 2106 of Workspace Environment Management (WEM). This is an update guide.
Customer Success Services / Software Maintenance eligibility date: May 15, 2021

Download Citrix WEM 2106 (2106.1.0.1) here:
https://www.citrix.com/de-de/downloads/citrix-virtual-apps-and-desktops/components/workspace-environment-management-2106.html

What’s new:
https://docs.citrix.com/en-us/workspace-environment-management/current-release/whats-new.html

Fixed issues:
https://docs.citrix.com/en-us/workspace-environment-management/current-release/fixed-issues.html

WEM setup files

Potentially ongoing worldwide UDP:443 (EDT) DDoS amplify attack against Citrix (NetScaler) Gateway

Since 19 December 2020, 7 pm CET, we have been seeing a possible worldwide DDoS amplification attack against Citrix Gateway UDP:443 DTLS EDT services.

Changelog

  • 11.01.2021: Added information about the new Citrix ADC Gateway (formerly NetScaler) firmware releases, which solve the memory leak issue with -helloVerifyRequest
  • 24.12.2020: Added information about the official Citrix Knowledge Center article CTX289674
    Added a final summary that repeats all possible solutions
    Made it a lot clearer that -helloVerifyRequest doesn’t seem to work well
  • 22.12.2020: Added a warning note that -helloVerifyRequest doesn’t work on all Citrix ADC (NetScaler) firmware versions
  • 21.12.2020: Added a third possible solution regarding -helloVerifyRequest
  • 21.12.2020: Initial version

The situation

During the night from Saturday (19.12.2020) to Sunday (20.12.2020), our Zabbix monitoring informed us that several Citrix Gateway VPX (50) appliances were at their license cap. We investigated the situation and soon found out that we had 0 ICA sessions on most of them, hence no explanation for the traffic.

Zabbix Citrix Gateway Throughput Monitoring Graph

Caution: FSLogix 2009 (2.9.7621.30127) profiles won’t logoff completely

At three customer sites I created test machine catalogs with FSLogix 2009, and all of them had the same issue: FSLogix profiles won’t log off completely at the end of the day.

Update January 11, 2021: I was informed about a better solution via Twitter, and updated the blog post accordingly.

The Problem

During my personal tests with FSLogix 2009 (2.9.7621.30127) I discovered that the profiles won’t log off completely at the end of the day. See the following screenshots.

You can clearly see that, although there are no active or disconnected user sessions, some of the VHDX disks are still mounted, but more importantly, the folders in C:\users\ won’t vanish.

This makes a second login impossible on the same VDA.

#virtualexpo: Create unattended Setups with AutoIt when no silent setup switch is available

When creating automated (Citrix) Master Images for MCS or PVS, you often encounter software for which no MSI and EXE silent switches are provided – and the vendor refuses to cooperate.
In this session, Marco Hofmann will show you how to write simple unattended AutoIt installation scripts that can automate installations for tools such as the Microsoft Deployment Toolkit.

Today is the #virtualexpo hosted by Trond E Haavarstein. I registered a slot as a speaker to talk about my struggle to include apps in my Citrix MCS Golden Master Images, which I built with the automation framework Microsoft Deployment Toolkit (MDT), when the vendor doesn’t include silent setup switches in their setup files.

For this purpose, I’m giving an example of how to solve this issue with AutoIt.

If you want to hear my speech and all the other great speakers, take a look at the agenda and register!
